Tag Info

A small trick I learned years ago - lay your email out like this:
Short Version
Small number of very short succinct points
If X, then you need to do this
Else, then you need to do that (or don't need to do anything)
Long Version or Full Details
...and here you lay out whatever full version you want.
97% of your users will never ...

In my experience, management doesn't like to listen to clever analogies. Depending on the person, they care about the bottom line in dollars or hours of productivity. I would explain:
The actual bottom line is that a compromise of our data will cost the company approximately X dollars + Y hours to recover. This is Z% likely to happen given the malware ...

Your answer is pretty OK, but you could explain the ongoing "game" between spammers and spam filters a bit more. This makes it understandable why some spam will always find its way to the customer.
Spam filters try to catch all mail that is spam.
Spammers try to create mails that are trusted not to be spam - both by spam filters and by humans.
For ...

No
Quarantine is nothing but a place to store the infected/suspicious files. When you quarantine a file it is deleted from the actual place and moved to the quarantine location (to the path that your anti-virus program has for them).
This is something like keeping a zombie inside a jail. Obviously it is not a threat as long as you don't open the cage.
In ...

Most anti-virus vendors advise not to use their products together with those from others. That's not (just) because they fear competition. Live virus-scanners scan files on access. When they notice that a process accesses a file, they try to access it before the process to scan it. They even try to do that when that process is another virus-scanner.
When ...

There is no clear evidence that third-party anti-malware security software (AV software) is more effective than Apple's own security solutions at protecting Macs. Rich Mogull on the Mac TidBITS blog explains:
Far less malware exists for Macs, but even there we see limited effectiveness across tools. For example, in a recent test by Thomas Reed, even the ...

You can install an antivirus if you want. It should not hurt your machine, but don't expect much protection for your system and don't consider yourself entirely safe. The efficacy of antivirus software is very relative, and it is mostly in use to avoid propagating old malware, especially if you have Windows machines in your ecosystem. You should expect a ...

Let us analyze each one of the techniques you want the AV to protect against:
UAC Bypass: Any process in the Windows environment running with the trusted root certificate can turn off the UAC bit of its own process, as well as any process spawned by it. This means that if your malicious code can inject itself into a process running with the trusted cert, it ...

Antivirus detection is a feature extraction and a classification problem.
A great analogy is the 20 questions game where the goal is to identify an arbitrary object by asking 20 seemingly unrelated yes/no questions. The idea behind the game is that each answer would eliminate half of the objects so it is theoretically possible to describe 2^20 (1,048,576) ...

I would advise against it.
In order to perform its job, antivirus software has to root itself very deeply inside the system, hooking everything, installing drivers and you-name-it. In order to do so, it ends up using techniques similar to those of malware authors, which will be flagged as highly suspicious by other products. Even if that's not the case, it is ...

This is a little long but this exact argument has been rehashed for the last 14 years. I want to put it to bed.
I worked for Apple Tech support from 1992-2001 and have been an Apple developer since. So, I have a very good historical view of Apple ecosystem malware security.
My conclusion? 3rd party anti-malware software on the Mac is unnecessary and as ...

Sure. In Cohen's famous result, he says that a perfect virus detector should emit an alarm if and only if the input program can ever act like a virus (i.e., infect your machine and do damage).
Consider the following program:
f();
infect_and_do_damage();
where f() is some harmless function, and infect_and_do_damage() is a viral payload that infects your ...

I would avoid the biological or non-business analogies (unless this is a hospital). Your job is to assess risk, cost, and provide options. Your management's job is to make the decision based on your analysis and advice.
Generally, an approach in a tabular format is best. "approach", "likelihood of correcting the problem", "cost" are the minimum needed. ...

Despite the common wisdom, I would not recommend running anti-virus for two reasons:
Anti-virus does not really work. Though it might catch trivial or well-known viruses, it mostly just gives you a false sense of security.
Anti-virus can cause problems. In order to function, anti-virus programs have to situate themselves quite low on the computer ...

You can drink all the red wine anti-virus you want to try and prevent getting cancer, but once you get that first tumor, more drinking isn't going to help. You need to cut it out and make sure that you get all of it, because if you don't it will come back again.
Once you get infected with a virus, the obvious symptoms are an annoyance, but it is what you ...

The main function of a spam filter is to block anything that looks like spam. The objective of anti-virus software is to detect and remove anything that possesses the signature of a virus (worms included) based on the virus definitions installed. Both programs work differently, based on different heuristics.
An email that doesn't look like spam may ...

TL;DR: There are many more threat vectors from which a virus may be caught than you might think. Viruses commonly exploit holes in software for which there is not yet an available patch. Only third-party software, such as an antivirus program which can detect and prevent execution of exploit code, can protect you from this.
I've been reading on ...

If the chip is writable from within the OS, the malware can write to it too, so it wouldn't help there.
Also, anti-malware software has to handle threats that are only a few hours old. Having to reboot your computer to upgrade the anti-malware software that's running on its own hardware would suck, so we need to be able to upgrade it from within the OS. If ...

Macs do get viruses; the main reason there were historically so few viruses around for Mac is that their market share was so small.
When someone writes a virus, most of the time they want to infect as many targets as possible. So 10 years ago this would result in almost only Windows viruses since they had such large market share. Recently, however, ...

As @gowenfawr says many users will not read messages no matter what you do.
So, in cases when you need to guarantee that the message was delivered to the brain and not only inbox, or acted upon, what you need is a feedback mechanism.
This can be simple, using a social approach - for example asking users an essentially fake question while providing ...

I'll answer in the form of an anecdote.
Back in 2003, I was working in tech support for a Mac-based organisation. We were essentially a government contractor and, as such, nearly all our money came from sending Microsoft Word documents to the government to document what we had done and what we should be paid for.
Someone managed to bring a Word macro virus ...

You need anti-virus for the following reasons:
0-days
Unpatched vulnerabilities
Deceptions
You use USB sticks on machines that are not yours
Malicious users that could use your PC (in a way)
Avoiding virus propagation over all your data.
Nobody knows all the infection vectors of viruses. You could at any time encounter a way to be infected you don't know ...

Very easy.
Didier Stevens has provided two open-source, Python-based scripts to perform PDF malware analysis. There are a few others that I will also highlight.
The primary ones you want to run first are PDFiD (available along with Didier's other PDF Tools) and Pyew.
Here is an article on how to run pdfid.py and see the expected results; Here is another ...

The goal of most malware is to remain active as long as possible. The longer it can collect keystrokes, participate in DDoS attacks, redirect search results, send spam emails, show popup ads, etc., the more profitable it is for the creator. To reach this goal, it has to remain undetected.
If a piece of malware infects a machine twice, it may leave the machine ...

It all depends on the person; but a good first step would be to change their default browser to Chrome or Firefox - install AdBlock Plus (http://adblockplus.org/, or similar) and Ghostery (http://www.ghostery.com/) in their browser, and a decent anti-virus (Microsoft Security Essentials (http://www.microsoft.com/mse) should be fine, and since it's free - you ...

The difference is mostly a matter of historical tradition.
Biologically, a virus is a piece of RNA. RNA is an intermediary vessel for genetic code, which temporarily duplicates a piece of the DNA (the permanent storage of genetic information in a cell). RNA then goes through some "engines" which can duplicate it and/or convert it into proteins (genetic code ...

Malware signatures are unique values that indicate the presence of malicious code.
Simply speaking, when an anti-virus program scans your computer, it calculates the signature for a file (say, like a hash), then compares that signature/hash to a list of known bad signatures.
Calculating a single hash of a file and then comparing it against a list of millions ...

I think the author's real point is not the safety of a file once quarantined but rather what happens if the user says "no"? Does the system leave it where it is - a potentially big risk - or does it erase it - a potentially big risk? Without knowing what action will be taken if you don't quarantine, or indeed without explaining what quarantine means, the user ...